Maximum call stack size exceeded error for dataUri validation #2218

Closed
JSteunou opened this issue Nov 13, 2019 · 3 comments
JSteunou commented Nov 13, 2019

Support plan

  • which support plan is this issue covered by? (e.g. Community, Core, Plus, or Enterprise):
  • is this issue currently blocking your project? (yes/no):
  • is this issue affecting a production system? (yes/no):

Context

  • node version: v12
  • module version with issue: v15.1.1
  • last module version without issue:
  • environment (e.g. node, browser, native): node
  • used with (e.g. hapi application, another framework, standalone, ...): standalone
  • any other relevant information:

What are you trying to achieve or the steps to reproduce?

A simple `Joi.string().dataUri()` with a big string (more than 6Mb)

What was the result you got?

RangeError, maximum call stack size exceeded

What result did you expect?

Joi validation

Same issue as #1700 but with dataUri :)

@JSteunou JSteunou added the support Questions, discussions, and general support label Nov 13, 2019
@JSteunou
Author

I think this could lead to a Regular Expression Denial of Service attack

@JSteunou
Author

Tested the same fix as #1700 and it worked, but I'm not a regexp expert, so I would be more confident if someone else took a look at it

@hueniverse hueniverse added bug Bug or defect and removed support Questions, discussions, and general support labels Nov 17, 2019
@hueniverse hueniverse self-assigned this Nov 17, 2019
@hueniverse hueniverse added this to the 16.1.8 milestone Nov 17, 2019
@JSteunou
Author

Thank you @hueniverse

@lock lock bot locked as resolved and limited conversation to collaborators May 20, 2020
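
A defensive pattern for the failure reported in this issue, added here as an example (it is not joi's code and not the fix applied for #1700 or for this issue): cap the input length, run a regular expression only over the short header, and scan the base64 payload in a single loop. The name `validateDataUri`, both limits and the simplified header grammar are assumptions of this example.

```javascript
// Hypothetical limits and names; not joi's API.
const MAX_LENGTH = 16 * 1024 * 1024;   // reject oversized input before any parsing
const MAX_HEADER = 256;                // the regex only ever sees this many characters
// Simplified header grammar (assumption): data:<type>/<subtype>[;charset=..][;base64]
const HEADER = /^data:[\w+.-]+\/[\w+.-]+(?:;charset=[\w-]+)?(;base64)?$/;

// True for character codes in the standard base64 alphabet (A-Z a-z 0-9 + /).
function isBase64Code(c) {
    return (c >= 65 && c <= 90) || (c >= 97 && c <= 122) ||
           (c >= 48 && c <= 57) || c === 43 || c === 47;
}

// Single pass over the payload: constant stack depth, linear time.
function isBase64Payload(s, start) {
    const len = s.length - start;
    if (len === 0 || len % 4 !== 0) return false;
    let end = s.length;
    if (s.charCodeAt(end - 1) === 61) end--;   // allow up to two trailing '='
    if (s.charCodeAt(end - 1) === 61) end--;
    for (let i = start; i < end; i++) {
        if (!isBase64Code(s.charCodeAt(i))) return false;
    }
    return true;
}

function validateDataUri(value) {
    if (typeof value !== 'string' || value.length > MAX_LENGTH) return false;
    const comma = value.indexOf(',');
    if (comma === -1 || comma > MAX_HEADER) return false;
    const header = HEADER.exec(value.slice(0, comma));
    if (!header) return false;
    if (header[1]) return isBase64Payload(value, comma + 1);
    return value.length > comma + 1;   // non-base64: only require a non-empty payload
}
```

Because the regular expression never touches the payload, the cost of validating a multi-megabyte value is one `indexOf` and one loop, independent of how the regex engine handles repetition.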